Apple addresses iTunes "MiniStore" privacy concerns

Apple on Wednesday responded to claims that its new iTunes 'MiniStore' feature is akin to spyware by remotely disabling the feature on all installed copies of the latest digital jukebox software.

On relaunch, iTunes 6.0.2 now offers a dialogue allowing users to decide whether to enable the "MiniStore" feature, which reports information about each song a user listens to in iTunes, notes MacNN.

Apple released iTunes 6.0.2 on January 10th, but two days later avid Mac users discovered that the software quietly communicated playlist information over the Internet, both to Apple and to a company based in Orem, Utah.

The MiniStore now displays an information pane on the first connect to it, explaining what data is transmitted, and telling the user how to toggle its visibility. It also confirms that when the MiniStore is disabled, that no data is transmitted at all. This update was performed on Apple's servers, leaving user installations untouched.

The latest version of iTunes now displays the following note via its interface: "The iTunes MiniStore allows you to discover new music and videos right from your iTunes Library. As you select items in your Library, information about that item is sent to Apple and the MiniStore will show you related songs or videos. Apple does not keep any information related to the contents of your music Library."

Whoah there conspiracy theorist! I don't know much about this, but I am guessing that since the mini-store is by default active, and since the function of the ministore is to send to and receive information from Apple, this is a minor thing for them to do. By no means does it suggest anything more than what it is - the company disabling the function due to consumer complaints...

Quote:

Originally posted by VanFruniken

Now it is this last point that bothers me. Apparently Apple is able to control remotely how our apps work.

My question, now, is: "how many other hooks into our systems does Apple have to control other ascpects of our Macs"?

It also appears that Apple was able to add or activate a new "show/hide" MiniStore button to the iTunes interface (below) without requiring a software update.

Actually, this last sentence is wrong. The Show/Hide button was already included with the 6.0.2 update prior to today's change.

This is a very good move on Apple's part. They made a minor but poorly-judged move by adding the ministore (by default) in the first place, and should have had a heads-up like this to begin with, but they've acted swiftly and appropriately to nip it in the bud.

Yes, I have always kept it closed. The question is, before this change, if it was closed, would it still send information to Apple?

No. This update basically just reminds people that it CAN be closed, and tells people exactly WHAT is happening so they can decide Which is what they should have done.

And adding that note doesn't mean Apple is remote-controlling your mouse or something

It probably means Apple ALREADY included that note in the new iTunes, and was debating whether they should bother people with it or not. So they disabled it but left the option open to show it. Now I bet they're glad they did.

EDIT: Above poster makes more sense: the popup is probably generated by the ministore just like other popups are generated by the main store. I never thought about whether they were in the "HTML" or in the app, but now that you mention it I bet you're right.

Either way, Apple didn't have to "intrude" on your machine in order to add the new warning.

Yes, I have always kept it closed. The question is, before this change, if it was closed, would it still send information to Apple?

Too bad they're using port 80 for this information sharing, otherwise it would be possible to use Little Snitch to block it without blocking everything else.

Actually, if you check the comments in the original stories on this (at BoingBoing, SlashDot, etc), quite a few people confirmed that no, it was *not* sending info to Apple unless the ministore was showing, even before this change. They cited LittleSnitch and other similar utilities to verify it.

So, Apple only made 2 errors here: 1) the store was "on" by default instead of "off"; and 2) they didn't give you any notice of what information was being sent (or under what circumstances). This latest change solves both.

Actually, if you check the comments in the original stories on this (at BoingBoing, SlashDot, etc), quite a few people confirmed that no, it was *not* sending info to Apple unless the ministore was showing, even before this change. They cited LittleSnitch and other similar utilities to verify it.

So, Apple only made 2 errors here: 1) the store was "on" by default instead of "off"; and 2) they didn't give you any notice of what information was being sent (or under what circumstances). This latest change solves both.

ok, good to know that keeping it closed prevented the information from being shared.

And I did notice that even though I had previously kept that portion of iTunes closed, when I updated to 6.0.2, it was reopened (and I had to close it again). So that's another problem with the update: not respecting previous user settings.

Wha is it with the sudden influx of "Apple can´t do anything wrong" people we have ahd lately?

Who in this thread has said that?

Nobody has denied that Apple was wrong to give no warning before. They've STOPPED doing this particular wrong, however. And there are misunderstandings about what that wrong was--like saying you couldn't disable it before, when that was always a click away, if Apple would only explain the choice. Now they do. (AND they note that they don't store your play info, only use it at the moment, to send recommendations--which removes most of my early complaints about this issue.)

BTW, the iTunes music store displays--including the mini-store, ARE a kind of HTML rendered on the fly depending on what items need to be shown. The only question is whether Apple delivers the popup notice itself that way (as many web sites do) or whether the warning was there all along. I'm curious about which method they use, but neither answer to that technical question is about apple "doing wrong" or "doing no wrong." Either way they DID do (small) wrong by not reminding people of the obvious (that the mini store recommendations are based on YOUR music playing)--and either way, they've corrected that thanks to feedback which they got--and which they deserved.

While Apple handled the problem in the best way, I'm surprised that they didn't anticipate the bad publicity that resulted from them doing it the way they did.

You would think that after what happened to Sony, apple would have said, whoa!. If they just came out with this information layout in the beginning, they would have been praised for being so upfront with what they were doing. Eveyone would then have pointed to them and said that they "got it".

Instead, we have this mini tempest.

The problem here is that the cure will never entirely erase the initial bad publicity and distrust from all. Apple's critics will be sure to bring it up again, and again.

I just can't understand why companies aren't smarter about these things, especially when they are doing something that they don't have to be ashamed about in the first place.

Nice to see Apple finally grow some brains on this issue. Personally, the "privacy" thing didn't bother me so much, but I can see why others might take issue with it. For me, it was more that it was extremely intrusive, and not immediately obvious how to turn it off.

Does anyone know anyone who actually likes or uses the ministore?

Just so we are absolutely clear:

The contents of the iTunes window area that I have highlighted red in this picture is dynamically generated by Apple's music store servers and sent to iTunes. The button that the mini-store area is pointing to has always been in iTunes 6.0.2. Apple have not modified anything on your computer.

I just can't understand why companies aren't smarter about these things, especially when they are doing something that they don't have to be ashamed about in the first place.

I agree. I mean, the feature is intended to help users find music they may like based on what they currently listen to, so it's not bad intentioned. However, as is the case with any information collection, there is the potential to make a lot of money from information end users may or may not want to share, and so there will always be a level of distrust. Especially when the average user doesn't know exactly what information is being collected.

I think the best solution is for companies to be completely transparent about information collection: tell what information is collected, describe the benefits to end users, and allow them to decide what information they feel comfortable sharing through the application settings. The defaults, of course, should be no information sharing whatsoever.

Not disposed to internet paranoia, why is it I'm supposed to care whether Apple can see my playlists? I know, I know, they DON'T, but why am I supposed to care?

Because if Apple knows I listen to Radiohead a lot, I'll turn to a pillar of salt?

I'm all for stopping snooping technology that lets companies I don't know about or don't consent to snoop around on my computer, show me pop-up messages for prescription drugs or drain my computer's processing power for nefarious purposes. I'm just not all concerned about a company whose product I use by license from that company -- ahem, Apple -- using information it gets from my usage of its product to make my experience better.